CVE-2025-61734: Apache Kylin Files or Directories Accessible to External Parties
Apache Kylin contains a Files or Directories Accessible to External Parties vulnerability. You are fine as long as Kylin's system and project admin access is well protected.
This issue affects Apache Kylin: from 4.0.0 through 5.0.2.
Users are recommended to upgrade to version 5.0.3, which fixes the issue.
References
- github.com/advisories/GHSA-p86w-w5rh-m3hx
- github.com/apache/kylin
- github.com/apache/kylin/commit/22eb8fd5dfdeffa3fc57bae6d5c82a019eece662
- github.com/apache/kylin/pull/2332
- issues.apache.org/jira/browse/KYLIN-6082
- lists.apache.org/thread/z705g7sn3g0bkchlqbo1hz1tyqorn4d2
- nvd.nist.gov/vuln/detail/CVE-2025-61734